Vormetric Data Security Manager

Remove data security deployment and operational complexity

Centrally manage your organization's data security environment

The Vormetric Data Security Manager (DSM) is the central management point for all Vormetric Data Security Platform products. The DSM not only creates, stores and manages the encryption keys that protect data, it also enables organizations to manage every aspect of their Vormetric data security platform implementation. The DSM allows administrators to specify data access policies, administer DSM users and logical domains, generate usage reports, register new hosts, access security logs, manage third-party keys, digital certificates and more. Moreover, as enterprises and service providers need data security management in concert with their other infrastructure, the DSM also provides integration capabilities with multiple APIs and a command line interface as well as a simple graphical user interface (GUI) operation.

Data Security Manager
Unified, Simplified Management

The Data Security Manager (DSM) enables centralized management of data security policies and key management, simplifying training, deployment and operations.

Flexible Form Factors

The Data Security Manager is available in different form factors and FIPS 140-2 levels. Deploy virtual appliances on-premises, in private and public clouds or select high-assurance hardware with the data security management tool.

Centralize Key and Policy Management

Provision and manage keys for all Thales eSecurity products, and manage keys and certificates for third-party devices.

Data Security Manager Graphic

Flexible Deployment Form Factors

The Data Security Manager (DSM) is offered as a FIPS 140-2 Level 1 virtual appliance, as well as two hardware appliances: The V6000, which is FIPS 140-2 Level 2 certified, and the V6100, which is FIPS 140-2 Level 3 certified. The virtual appliance is available in VMware, HyperV, KVM, Amazon Web Services, and Azure compatible formats.

Unified Management and Administration

The DSM provides central management and secure storage of encryption keys, including those generated by Thales eSecurity products, KMIP-compliant devices, Microsoft SQL Server TDE, Oracle TDE and IBM Guardium Data Encryption. The data security manager has an intuitive Web-based console, CLI, or APIs for managing encryption keys and policies.

Maximum Security and Reliability

To maximize uptime and security, the DSM features redundant components and the ability to cluster appliances for fault tolerance and high availability. Strong separation-of-duties policies can be enforced to ensure that one administrator does not have complete control over data security activities, encryption keys or administration. In addition, the DSM supports two-factor authentication for administrative access as well as nShield Remote Administration with smart card access in the V6100.

Thales nShield HSM integration

Use Thales nShield Connect HSMs to provide FIPS 140-2 Level 3 root of trust for the virtual or V6000 hardware Vormetric DSM appliances. The DSM V6100 hardware appliance is equipped with an embedded FIPS 140-2 Level 3 nShield Solo HSM root of trust.

Secure key import for data encryption keys

Import data encryption keys generated by nShield HSMs, third-party HSMs or other key sources, using RESTful APIs or the DSM management console. These key import capabilities offer flexibility and give organizations more control of data security across cloud services, big data, container, and on-premises environments.

Especificações do hardware

Chassis montável em rack de 1U; 17” de largura x 20,5” de comprimento x 1,75” de altura (43,18 cm x 52,07 cm x 4,5 cm)
Peso V6000: 21,5 lbs (9,8 kg); V6100: 22 lbs (10 kg)
Memória 16GB
Disco rígido SAS dual RAID 1 configurado com selos de evidência de falsificações FIPS
Porta em série 1
Ethernet 2x1Gb
IPMI 1x10/100Mb
Fontes de energia 2 fontes removíveis com certificação 80+ (100VAC-240VAC/50-60Hz) de 400W
Detector de intrusão de chassi sim. Inclui também certificação de evidência de ausência de falsificações na parte superior
BTU máximo 410 BTU máx.
Temperatura Operável 10° a 35° C (50° a 95° F)
Temperatura Não-Operável -40° a 70° C (-40° a 158° F)
Umidade Relativa Operável 8% a 90% (nãocondensável)
Umidade Relativa Não Operável 5% a 95% (nãocondensável)
Agência de provação de segurança certificadosFCC, UL e BIS
FIPS 140-2 Nivel 3 O modelo V6100 é equipado com HSM nShield Solo com root of trust FIPS 140-2 Nível 3 disponível para V6100 e DSMs virtuais com integração do HSM nShield Connect
Módulo de segurança de hardware (HSM) com administração remota. Apenas para V6100: requer kit opcional nShield Remote Administration

Especificações do software

Interfaces administrativos Web segura, CLI, SOAP, RESTO
Número de domínios de gerenciamento: mais de 1,000+
Suporte de API PKCS #11, Gerenciamento Extensível de Chaves (EKM) da Microsoft, SOAP e REST
Autenticação segura nome de usuário/senha, autenticação multi-fator RSA (opcional)
Suporte de clustering sim
Backup backups seguros manuais e agendados. Recuperação de chave M de N
Gerenciamento de rede SNMP, NTP e Syslog-TCP
Formatos Syslog CEF, LEEF e RFC 5424
Certificados e validações FIPS 140-2 Nível 1, FIPS 140-2 Nível 2, FIPS 140-2 Nível 3 Common Criteria (ESM PP PM V2.1)

Especificações mínimas de máquinas virtuais — Recomendação para aplicações virtuais

Número de CPUs 2
RAM (GB) 4
Disco rígido (GB) 100GB
Suporte a provisionamento Thin sim

Solution Brief : Bring Your Own Data Encryption Keys

Learn how service and cloud providers can offer their end customers the ability to create and control the encryption keys used to protect their data with this bring your own key (BYOK) capability. The capability also enables enterprises to create and control the data encryption keys used to protect their sensitive information with appropriate assurance and entropy for their applications.

Download

Data Sheet : Vormetric Data Security Platform

The Vormetric Data Security Platform makes it efficient to manage data-at-rest security across your entire organization. Built on an extensible infrastructure, Vormetric Data Security Platform products can be deployed individually, while sharing efficient, centralized key management.

Download

Demo : The Vormetric Transparent Encryption

Watch this short demo to learn how Vormetric Transparent Encryption makes it easy to deploy file and database encryption with privileged user access controls and security intelligence log collection across all your server environments (physical, virtual, big data and cloud) with centralized policy and key management. This demo includes an animated demonstration, policy configuration, insider abuse demonstration, and review of the actual audit logs produced.

Play

Webinar : Cloud Encryption—One Shoe Won’t Fit All

There is no question about the acceleration of data migrating to the cloud. But which cloud? All clouds: a mix of Infrastructure-, Platform- and Software-as-a-Service cloud models are being deployed by almost every organization. When sensitive and regulated data move into these environments different data encryption methods need to be considered.

Play

Assista nosso vídeo demonstrativo interativo Explore
Agende uma demonstração ao vivo Agendar
Entre em contato com um especialista Entre em contato